Covid-19 and your password
May 11, 2020
For the past twenty years, the concept of “Security” has been slowly moving to incorporate digital goods and valuables. Thieves no longer need to break locks and glide down from a ceiling to steal what is ours. Theft went virtual.
In light of the COVID-19 pandemic, it is important – more than ever – to practice good password hygiene.
WHO reports fivefold increase in cyber attacks, urges vigilance:
[…] Scammers impersonating WHO in emails have also increasingly targeted the general public in order to channel donations to a fictitious fund and not the authentic COVID-19 Solidary Response Fund. The number of cyber attacks is now more than five times the number directed at the Organization in the same period last year. […]”. Source.
Just like my mentor says: “The one thing that keeps a hacker from accessing your information, is your password. “ – this statement will probably hold true for a long time.
May 7th was World Password Day. We urge Chapman University Students, Staff and Faculty to practice good password hygiene in order to prevent account compromise.
Tips for good password hygiene:
- Don’t Reuse Passwords
We recommend using one password per website/online service when possible.
Hackers often use already compromised passwords to attempt and hack into other services using the same username.
“More than 3,800 data breaches have hit organizations in 2019, according to Risk Based Security. The year 2019 is shaping up to be a landmark one for data breaches, as it has seen over 3,800 breaches—a 50% or greater increase over the last four years, according to a report published by Risk Based Security on Wednesday”.- Techrepublic
- Change your password regularly
If your password has been already exposed in a 3rd party breach, it could be used to probe different accounts you own (a list of the breaches by year can be found here.)
Haveibeenpwned.com is a good way to check if your email accounts have been exposed in a breach.
- Use a passPhrase (not a passWord)
According to SplashData and Wikipedia, the top 25 most common passwords of 2019 still contain “123456” and “password”.
A password is a word or a combination of a word and special characters, numbers usually less than 8 characters.
Passphrases generally contain several words and special characters, numbers and are more than 8 characters long.
An example of a password would be “Password123!” while a passphrase would be “IhaveaStrongPassword2010#” – these are examples only – please do not use them.
Hackers “crack” passwords – using a powerful computer and a computer program, they can try different combinations of words, letters and numbers to find a valid password for an account.
Visit this page to see how long would take to crack your password. Take note of how time increases when adding numbers and special characters.
- Don’t use personal information that can be guessed or obtained online
Hackers often search information about their targets online. Don’t use a password that can be easily guessed by looking at your social media profiles.
As this article shows (https://www.techrepublic.com/article/hackers-google-people-millions-still-using-sports-team-hometown-band-or-child-names-as-passwords/), people still use pets, things related to their childhood as password.
- Whenever possible use an extra layer of security – such as Multi Factor Authentication.
Multi-Factor Authentication – as the name suggests, uses more elements to allow you to log in to a service. Usually it is something you have (your phone, hardware token) and something you know (password, pin number). It can also be Something you (fingerprint, iris scan) are or a combination of the three.
Multi-factor authentication is used by financial institutions use for added protection.
Chapman University provides two factor authentication for Students, Staff and Faculty for free. To sign up, please visit 2fa.chapman.edu or scan the image below with your phone’s camera.
For more information, read IS&T’s blog post on the most recent scams. Visit the IS&T security website to stay up to date with the latest security alerts.